lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0707191748340.10291@idefix.wisa.be>
Date:	Thu, 19 Jul 2007 18:27:34 +0200 (CEST)
From:	Daniël Mantione <daniel.mantione@...epascal.org>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>
cc:	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: Keyboard programming needs root



Op Thu, 19 Jul 2007, schreef Dmitry Torokhov:

> Hi Daniel,
> 
> On 7/14/07, Daniel Mantione <daniel.mantione@...epascal.org> wrote:
> > Hello,
> > 
> > A while back a patch was merged to make that only root can program the
> > keyboard:
> > 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
> > 
> > Is this patch discussable? I think this patch isn't proper because of the
> > following reasons:
> > 
> > * Users can play games in many ways. They can configure the terminal
> > settings, (remove the automatic line feed, disable the echo etc). They
> > can
> > load console fonts. They can still put the keyboard in raw mode, etc.
> 
> Keyboard raw mode or disabling line echo may be annoying but you
> really don't want someone leaving box after binding "rm -rf /" to a
> backspace key...

As I said, the proper solution to this problem is to restore the keyboard 
in a known state after logout. There is no need for the kernel to change 
behaviour. Many operating systems allow changing keyboard layout and can 
because there is no need for it to be insecure.

However, I can agree that in some cases, as per system policy, 
administrators mays want to prevent this.

> > * All of these games can be prevented by making mingetty (or whatever 
> >   getty is used) or PAM can put the console into a known state after 
> >   logout.
> > * All of these games are annoyances, system security is not 
> >   compromised.
> > * I do not see a problem with for example a French user doing a "loadkeys
> > fr" if that allows hims to use the computer easier.
> > 
> > Worst issue for me though, is that KDSBENT is needed to be able to catch
> > keys like shift+tab, alt+fx, escape without delay. My application
> > suddenly
> > needs root permissions to work properly.
> 
> Yes, if your application mucks with the console it has to be trusted...

That is not really constructive: I don't want to muck with the console, I
a working keyboard. Linux just just requires you to muck with the console if 
you want a working keyboard. Many applications, Midnight Commander to name 
one, work around Linux console limitations (try ctrl+arrows, 
works as expected despite not supported by Linux).

Now if you force applications to work around limitations, you have a 
certain responsibility not to break them.

> > The alternative, semi raw mode,
> > has the disadvantage that you need to implement your own keymaps (like
> > X).
> > In short, this change breaks applications.
> > 
> 
> You may also try reading data directly from evdev devices... They are
> normally privileged as well but usually user logged on console is
> given access to them.

evdev has the same problem as medium/full raw mode: You need your own 
keyboard maps. This makes this solution not very practical.

To make this discussion productive, I want to work towards a solution. I 
don't mind how I can make the keyboard work as it should, I just want it 
work. Think of the needs of a user interface, you walk through controls 
using tab and shift+tab, put common commands under the function keys and 
shift/control/alt combinations. Cursor control in an editor is done with 
the navigation pad on your keyboard: arrows, home/end/pgup/pgdown, plus 
shift/control/alt combinations with them.

That is all, nothing fancy. Could the kernel support a way to do this?

Greetings,

Daniël Mantione

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ